Hacking in C, NWI-IPC025, Spring 2017

This course is taught by Erik Poll and Peter Schwabe. The course used to be called Software & Web Security 1. More info in the studiegids.

The course gives an introduction to C programming (incl. the use of pointers and dynamically allocated data), the underlying memory representation on the stack and the heap, and ways to abuse all this (with buffer overflows, integer overflows, and format string attacks). The course also teaches some basic command-line skills in Linux/UNIX, incl. shell scripts and Makefiles.

Lecture: Mondays 13:45-15:30 in HG00.307
Exercise class: Wednesdays 10:45-12:30 in HG00.137 and HG00.625
Required prior knowledge: Imperatief Programmeren 1 & 2 (NWI-IPC014, NWI-IPC015) and Processoren (NWI-IPC006)

For this course there are obligatory weekly programming or hacking exercises, which have to be done in pairs. At most one of these exercises may have been marked as nsi (niet serieus ingeleverd, i.e. not seriously handed in) in order for you to take the exam. Exercises have to be handed in via Blackboard.

Schedule & course material

Links to slides and assignments will be added as the course progresses.

Read Section 9.1 of your 'Problem Solving with C++' book (used in the Imperatief Programmeren course) for another explanation of pointers.
Jan 30, lecture 1 Intro [SLIDES] and C data types and their representation [SLIDES]
Code examples demo-ed in lecture 1
Feb 1, lab session 1 The Linux command line, gcc, and make.
[linux-cheat-sheet] [alternative cheat sheet by Felix Stegerman]
Assignment 1, Deadline: February 8, 23:59.
Makefile main.c hello.c addvector.c addvector.h
Feb 6, lecture 2 Alignment, arrays and pointers [SLIDES]
Code examples demo-ed in lecture 2. Compile where_is_data_allocated.c with or without the option -O2 to get gcc to re-align data differently.
Feb 8, lab session 3 Memory layout and pointer arithmetic.
Assignment 2, Deadline: February 15, 23:59.
Feb 13, lecture 3 Pointers (continued) and memory management: the stack
Code samples demo-ed in the lecture
More info on the stack overflow in Toyotas: here (not exam material!)
A bit childish, but great for revision: Binky pointer fun movie by Nick Parlante
Feb 15, lab session 4 Playing around on the stack and the heap.
Assignment 3, Deadline (excl. part 2): Feb 22, 23:59.
NB question 2 of assignment 3 is about material that will only be presented in the lecture of Feb 20, so you can skip that for now, and hand that in as part of assignment 4.
Feb 20, lecture 4 The heap, and more stack and heap issues [SLIDES]: overflow, memory leaks, and problems with malloc & free
Code samples demo-ed in the lecture
The XKCD cartoon explaining Heartbleed
Feb 22, lab session 5 Memory leaks and attacks. Introduction to gdb.
Assignment 4, Deadline: March 8, 23:59. pwd-normal, pwd-hard
You might find this GDB Quick Reference helpful.
Feb 27 no lecture because of carnival
March 1, lab session 5 no new assignment because of carnival
March 6, lecture 5 Format string attacks and buffer overflows [SLIDES]
Read the tutorial on buffer overflows by Herbert Bos and lecture notes on format strings by Wenliang Du.

A buffer overflow attack is similar to a phreaking attack on the phone system (video): in a buffer overflow attack, malicious input tricks the CPU into doing something; in a phone phreaking attack, malicious input (by whistling!) tricks the phone system into doing something, namely dialing numbers for free.

March 8, lab session 6 Assignment 5, Deadline: March 19, 23:59.
If the server hackme.cs.ru.nl should not be reachable, please email Pol van Aubel <radboud@polvanaubel.com>.
Some additional tips for the final challenge to hack the server:
  • When using format strings to analyse the stack layout, using strings with lots of %p's is the most convenient, as %p will print stack data as (in this case 64-bit) pointer values.
March 13, lecture 6 Buffer overflows: More attacks and some defences (Canaries, non-executable stack, ASLR)
March 15, lab session 7 More work on assignment 5.
March 20, lecture 7 Demonstration and discussion of attack on the server (from assignment 5). Root causes
Thursday April 6, 8:30-11:30 exam in HG00.304 and HG00.307
Sample exam (We don't provide a sample solution. NB unlike in some earlier years, we will not ask questions about bash scripts in the exam.)

Reference material about C

Some links that may be useful for the lab sessions:

Parts of the course are inspired by material from the SysSec Common Curriculum, and the course is part of the 10K Students Challenge to teach 10 thousand students the basics of software vulnerabilities and secure programming.
